Systems and methods for detecting keyboard characteristics

ABSTRACT

A keyboard detection system, that includes a processor that operates to detect at least one anomaly in input data and determine a correlation between the at least one anomaly and a characteristic of an inconsistent keyboard type. The processor may operate to determine the correlation between the at least one anomaly and the characteristic of the inconsistent keyboard type based on a lookup table or algorithm.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application claims priority to and benefit from U.S.Provisional Application No. 62/620,058, entitled “SYSTEMS AND METHODSFOR DETECTING KEYBOARD CHARACTERISTICS”, filed on Jan. 22, 2018, whichis hereby incorporated by reference in its entirety.

BACKGROUND

This section is intended to introduce the reader to various aspects ofart that may be related to various aspects of the present disclosure,which are described and/or claimed below. This discussion is believed tohelp provide the reader with background information to facilitate abetter understanding of the various aspects of the present disclosure.Accordingly, it is understood that these statements are to be read inthis light, and not as admissions of prior art.

The present disclosure relates generally to monitoring and analyzingvarious types of communications and interactions. More specifically, thepresent disclosure relates to monitoring transmitted information tofacilitate detecting certain characteristics associated with thetransmitted information. Once detected, these characteristics may beutilized for various analytical and active purposes. For example,identified input characteristics may be used to analyze, detect, anddefeat fraudulent access attempts and/or fraudulent uses of systems oraccounts.

SUMMARY

A summary of certain embodiments disclosed herein is set forth below. Itshould be understood that these aspects are presented merely to providethe reader with a brief summary of these certain embodiments and thatthese aspects are not intended to limit the scope of this disclosure.Indeed, this disclosure may encompass a variety of aspects that may notbe set forth below.

In one embodiment, a keyboard detection system, comprises a processorthat operates to detect at least one anomaly in input data and determinea correlation between the at least one anomaly and a characteristic ofan inconsistent keyboard type. The processor may operate to determinethe correlation between the at least one anomaly and the characteristicof the inconsistent keyboard type based on a lookup table or algorithm.

In another embodiment, a keyboard detection system includes a processorthat detects input data. The processor also detects an accountassociated with the input data. The processor determines a typingsignature associated with the account, and compares input data to thetyping signature to detect anomalies. The processor activates a fraudapplication such that access to the account is limited and/or blocked inresponse to a detected anomaly.

In another embodiment, a keyboard detection system includes a processorthat detects at least one anomaly in input data. The processor detectsan account associated with the input data. The processor determines acorrelation between the at least one anomaly and a characteristic of aninconsistent keyboard type based on a lookup table or algorithm. Theprocessor activates a fraud application such that access to the accountis limited and/or blocked in response to a detected anomaly.

Various refinements of the features noted above may exist in relation tovarious aspects of the present disclosure. Further features may also beincorporated in these various aspects as well. These refinements andadditional features may exist individually or in any combination. Forinstance, various features discussed below in relation to one or more ofthe illustrated embodiments may be incorporated into any of theabove-described aspects of the present disclosure alone or in anycombination. The brief summary presented above is intended only tofamiliarize the reader with certain aspects and contexts of embodimentsof the present disclosure without limitation to the claimed subjectmatter.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features, aspects, and advantages of the presentdisclosure will become better understood when the following detaileddescription is read with reference to the accompanying drawings in whichlike characters represent like parts throughout the drawings, wherein:

FIG. 1 illustrates a schematic view of a user accessing an account of aninstitution, wherein the access is being monitored by a system inaccordance with present embodiments.

FIG. 2 illustrates a schematic view of a Cyrillic keyboard providinginput that is being detected by a system in accordance with embodimentsdescribed herein;

FIG. 3 illustrates alt codes for producing English language characterson a non-English keyboard, wherein the alt codes are assembled in alookup table of a system in accordance with embodiments describedherein;

FIG. 4 illustrates a login screen for a financial institution producedby a server, wherein the server is monitored by a system in accordancewith embodiments described herein;

FIG. 5 illustrates a method of operation of a keyboard detection systemthat detects and blocks foreign hackers from unauthorized access to anaccount, in accordance with embodiment described herein;

FIG. 6 illustrates a schematic of a fraud assessmentapplication/program, in accordance with embodiments described herein;

FIG. 7 illustrates a method of operation for a keyboard detection systemthat verifies a user's identity by monitoring keyboard input, inaccordance with embodiments described herein; and

FIG. 8 illustrates a method of operation for a keyboard detection systemthat prompts a user to switch keyboard layouts, in accordance withembodiments described herein.

DETAILED DESCRIPTION

One or more specific embodiments will be described below. In an effortto provide a concise description of these embodiments, not all featuresof an actual implementation are described in the specification. Itshould be appreciated that in the development of any such actualimplementation, as in any engineering or design project, numerousimplementation-specific decisions must be made to achieve thedevelopers' specific goals, such as compliance with system-related andbusiness-related constraints, which may vary from one implementation toanother. Moreover, it should be appreciated that such a developmenteffort might be complex and time consuming, but would nevertheless be aroutine undertaking of design, fabrication, and manufacture for those ofordinary skill having the benefit of this disclosure.

Foreign language keyboards are often used to generate characters (e.g.,numerals or text) in a local or non-foreign language. In order toproduce these characters on a foreign language keyboard, the user mayhave to use alt codes. Alt codes are generated by pushing the alt buttonin combination with characters (e.g., foreign characters or numbers) toproduce a character from the non-foreign alphabet. For example, on anon-English keyboard, a combination of the “Alt” button and entry of thenumber 84 (indicated by “alt+84”) may be used to enter the capitalletter “T” when English is the language being employed forcommunication. The complication of pressing alt in combination withthese numbers may lead to a user accidently typing in 84, alt+85,alt+83, and so forth, instead of the appropriate alt+84 when attemptingto type a capital “T” (e.g., when entering a username or password). Inaccordance with present embodiments, such mistakes may be detected as acomponent of operation of a keyboard detection system. Further, thekeyboard detection system may utilize such mistakes to determine alikely keyboard layout that is associated with the mistakes, which mayinclude indications of an inconsistency between the account holder'snative/expected language and a characteristic of the detected keyboard.For example, if an account holder's primary language is English and theaccount holder has previously accessed the account using an Englishlanguage keyboard layout, the detection of a keyboard layout for anotherlanguage may indicate an attempt by a hacker to gain access to theaccount. Indeed, the traditional language employed by the account holderdoes not match the non-English characteristic of the detected keyboardin this example. Thus, the keyboard detection system may flag theaccount, the session, or the like for heightened scrutiny beforeproviding access to the account. It should be noted that, in the presentexample, the non-English language keyboard would be considered a foreignkeyboard. However, in other situations, an English language keyboardwould be considered foreign.

Bad actors are continuously trying to access and steal sensitiveinformation from various institutions, including financial accountinformation. The information they obtain may enable them to stealfinancial resources and/or obtain sensitive information that may beexploited in other ways. It has been estimated that over 90% of theglobal attack traffic originates outside of the United States. Some ofthese countries include China, Russia, Romania, North Korea, amongothers. The native language in these countries is not English. However,many of the targets of the attacks utilize systems that employ theEnglish language. Therefore many of these criminals, foreign agents, andso forth use keyboards that reflect their non-English alphabets orcharacters. When these bad actors attempt to access an account at a U.S.institution they may have to type in usernames and passwords thatcontain characters from the English alphabet. Likewise, when an Englishkeyboard is used to access an account that utilizes a non-Englishlanguage (e.g., outside of the U.S.), special codes may be utilized toprovide specialized characters in usernames and passwords. Whileusernames and passwords are set forth above as examples and while theymay be of particular interest for monitoring purposes, other information(e.g., data provided in a form or a communication) may also monitored.Such information may be fully observed or it may be limited to detectionof anomalies that are then associated with characteristics of aninconsistent keyboard type, as identified by algorithms or lookup tablesthat associate the typical anomalies (or errors) with certain types ofkeyboards. By limiting this type of monitoring to reports of suchanomalies, data processing efficiencies may be achieved.

In addition to detecting the use of a particular keyboard layout, thekeyboard detection system, may also monitor the keystrokes of a user andcreate a profile based on common mistakes of the user (e.g., an accountholder). These repeated mistakes may form a type of signature thatenables the keyboard detection system to identify and authenticate thatthe actual user is the one providing input data (e.g., via accessing andusing an account). For example, if an account holder typically types“chaange” instead of “change” the keyboard detection system mayrecognize this as a common error by the account holder and thereforeenable the account holder to continue using the account withoutheightened security. In contrast, if the user makes repeated mistakesthat are not typically associated with the user (e.g., characters notassociated with the language of the account holder, other types ofspelling mistakes), the keyboard detection system may flag the accountfor heightened scrutiny to protect the account from unauthorized use.

Present embodiments may be utilized to thwart hacking, to confirm userauthorizations (e.g., without or in addition to existing protocols), andfor other purposes as well. For example, in one embodiment, a diagnosticmay be performed on a server or some other access target. The diagnosticmay reveal the locations and likely keyboard types associated with allattempted and/or successful access attempts for the particular server(or other access target) being monitored. Information such as this mayfacilitate high-level analytics associated with security, serviceimprovement, and the like.

FIG. 1 illustrates a schematic view of a user 10 accessing an account ofan institution 12, such as a financial institution, wherein the accessis being monitored by a system 14 in accordance with presentembodiments. Other accounts may include social media accounts, storeaccounts, entertainment accounts, email accounts, work accounts, and soforth. In order to access such accounts, the user 10 may type inusernames and passwords, after which the user may perform a variety offunctions, including transferring funds, typing messages, orderingproducts, among others. As the user performs these tasks, he or shepushes buttons on a keyboard, which allow characteristics of thatkeyboard to be detected by the system 14. In some situations, aninconsistent keyboard may be detected based on anomalies (e.g.,typographical errors that suggest codes are being used, such as altcodes). As a specific example, errors typically associated with the useof alt codes (as determined via a lookup table or algorithm) mayindicate the use of a foreign keyboard layout (e.g., a keyboard for alanguage not typically used for the type of access being monitored).This may indicate the user is a likely hacker attempting to gainunauthorized access to or use the account and the system may takepreemptive measures to defeat the hack. It should be noted that the termforeign keyboard layout may include a keyboard layout that is notassociated with a detected geographic region, a particular user, aparticular account or the like. For example, an English languagekeyboard layout would be typically associated with a user in an Englishspeaking country. An attempt to access an account from a U.S. internetprotocol (IP) address with a Chinese keyboard layout could thereforeindicate either a Chinese speaker is attempting to gain access to anaccount or that a Chinese hacker is spoofing the U.S. IP address whileattempting to gain access to or fraudulently use another's account.Thus, by detecting use of a foreign keyboard layout, an institution isable to flag the use for review and block unauthorized access or preventcontinued unauthorized access where appropriate.

FIG. 2 illustrates a schematic view of a Cyrillic keyboard 20 providinginput to an account of an institution 12 that is being detected by asystem 14 in accordance with present embodiments. As illustrated, manyof the keyboard keys 22 represent characters that are essentiallyuseless in typing in an English language based username, password,messages, form entry, or the like. The user would therefore have to usea different keyboard and/or special codes to type in the Englishlanguage characters. One example of special codes may include theabove-referenced alt codes.

FIG. 3 illustrates alt codes for producing English language characterson a non-English keyboard, wherein the alt codes are assembled in alookup table 26 of the system 14 in accordance with present embodiments.As illustrated, each English language character may be reproduced usingthe alt button in combination with a specific combination of numbers.For example, the lowercase “k” is produced by pressing alt and thenumber combination 107. In contrast, a capital “K” is produced by typingalt in combination with the number combination of 75. Accordingly, ifthe user were to type in a username of “Citcat” on a foreign keyboardthey would need to push the following keys: alt+67, alt+105, alt+116,alt+99, alt+97, alt+116. The difficulty in pushing all of these keyscorrectly to type in only six characters may lead to the hacker makingone or more mistakes that may indicate use of a foreign keyboard andthus indicate that a bad actor is attempting to gain access to theaccount. It should also be recognized that longer usernames andpasswords increase the complexity of the combinations and may thereforelead to more opportunities for the hacker to make a mistake. Likewise,uses associated with drafting text for communications, form entries, andso forth increase the likelihood of detection. Detection of such usesmay be facilitated by separate lookup tables with typical errorsassociated with the use of these alt codes (e.g., entry of “6”, “7”, or“67” where a “c” would typically be typed).

FIG. 4 illustrates an account login screen 30 produced by a server 32.The account may be a social media account, store account, email account,work account, or the like. In the illustrated embodiment, the server 32includes a processor 34, such as the illustrated microprocessor, and amemory device 36. The server 32 may also include one or more storagedevices and/or other suitable components. The processor 34 may be usedto execute software, such as software for producing the login screen 30and for verifying the username and password provided by a user. Inaddition to verifying the username and password, the server 32 mayinclude and run a keyboard detection system 38. The keyboard detectionsystem 38 may operate to analyze the username and password for anomaliesin the username and password that may be indicative of the user using aforeign keyboard. The use of a foreign keyboard to access an account maybe an indicator that the user is a hacker attempting to gain access toan account. In other embodiments, entries other than or in addition tothe username and password may be monitored by the keyboard detectionsystem 38 to facilitate identification of foreign keyboards (orotherwise inconsistent keyboards).

As explained above, a hacker may use special codes such as alt codes ona foreign keyboard for typing language characters. For example, aCyrillic keyboard may be used to type English characters. In someembodiments, the keyboard detection system monitors the input ofusernames and/or passwords in real time to detect mistakes that a hackermay enter while entering a username and/or password using special codes,such as alt codes. In some embodiments, the keyboard detection systemchecks the username and/or password for mistakes associated with the useof a foreign keyboard after the username and password are submitted tothe server for verification. While alt codes are discussed throughoutthis application, it should be understood that the keyboard detectionsystem may detect other codes that enable a hacker to create certainlanguage characters on a foreign keyboard. Further, as previously noted,any character entry may be considered and analysis is not limited tousername and/or password.

FIG. 5 illustrates a method 50 (e.g., performed via the server 32, suchas the processor 34) of operation of a keyboard detection system fordetecting and defeating hackers from fraudulently accessing and using aninstitution's accounts. The account may be a social media account,financial account, store account, or the like. The method 50 begins withthe keyboard detection system detecting the characters input into theusername field of the login screen 30, block 52. Character input may bemonitored in real time or checked after the username is submitted forverification. As the keyboard detection system detects the characters ofthe username, the system checks the characters and combinations ofcharacters against codes used by foreign keyboards to produce thecharacters, block 54. In some embodiments, the keyboard detection systemdetects that the account access attempt is coming from a specificgeographic region, such as Kansas. The keyboard detection systemrecognizes that keyboard layouts in this region should primarily beEnglish language keyboard layouts. Accordingly, if the input errors areassociated with a non-English keyboard layout, the keyboard detectionsystem recognizes the discrepancy between what the expected keyboardlayout should be and what the actual keyboard layout is. Similarly, ifan account holder is associated with a particular keyboard layout, suchas an English keyboard layout, and the keyboard detection system detectsa different keyboard layout, the keyboard detection system recognizesthe discrepancy. As explained above, the term foreign keyboard layoutshould be understood to include a keyboard layout that is not associatedwith a detected geographic region or a particular user.

For example, if a legitimate username for an account is “Rockstar50” andthe characters typed into the username field are “Ro99kstar50” or“Ro98kstar50” the keyboard detection system identifies the 98 or 99 asan anomaly indicative of a foreign keyboard because a more commonmistake on an English character keyboard for “c” would be “v,” “x”, “d”or even “kc” instead of “98” or “99.” Moreover, the keyboard detectionsystem may recognize that alt+99 is the code for “c” and that alt+98 isassociated with “b,” which is the preceding character in the Englishalphabet. The keyboard detection system may also detect anomalies inspellings that may be associated with a user using a foreign keyboard bycomparing the username and/or password to English words and/or againstthe institutions database of usernames and/or passwords. For example, ifthe username is “RoCkstar50” and the characters typed into the usernamefield are “RoLkstar50” the foreign keyboard monitoring system anddetection system identifies “L” as an anomaly indicative of a foreignkeyboard because alt+67 is the code for “C” and alt+76 is associatedwith “L,” thus indicating that the user transposed the numbers of thealt code for capital “C” and instead typed the alt code for capital “L.”

In some embodiments, the user may actually push a key on the foreignlanguage keyboard that normally generates a foreign character on aforeign computer. However, when the key is pushed an unprintablecharacter is generated on the login screen 30 because the program mayonly recognize English language characters. Some examples of unprintablecharacters may include

The keyboard detection system is programmed to recognize thesecharacters as mistakes from a foreign keyboard and in response flags thesession and account for heightened scrutiny.

If the keyboard detection system detects an anomaly in the user name,the method 50 sends a signal that activates a fraud application program,block 56. As will be explained in more detail below, the fraudapplication may increase the security surrounding the account. This mayinclude additional security questions after entering the correct nameand password.

The keyboard detection system also detects the password entered into thepassword field of the user login screen 30, block 58. Character inputmaybe monitored in real time or checked after the password is submittedfor verification. As the keyboard detection system detects thecharacters of the password, the system checks the characters andcombinations of characters against codes used by foreign keyboards,block 60. For example, if a legitimate password for an account is“ArrowSmith1970” and the characters typed into the username field are“Arr111wSmith1970” or “Arr112wSmith1970” the keyboard detection systemidentifies the 111 or 112 as an anomaly indicative of a foreign keyboardbecause a more common mistake on an English character keyboard for “o”would be “p,” “i”, or “l” instead of “111” or “112” because they are theclosest keys to “o” on an English keyboard. Moreover, the keyboarddetection system may recognize that alt+111 is the code for “o” and thatalt+112 is associated with “p,” which is the preceding character in theEnglish alphabet. The keyboard detection system may also detectanomalies in spellings that may be associated with a user using aforeign keyboard. For example, if the username is again “ArrowSmith1970”and the characters typed into the username field are “ArrowRnith1970”the foreign keyboard monitoring system and detection system identifiesthat “R” as an anomaly indicative of a foreign keyboard because alt+83is the code for “S” and that alt+109 is associated with “m,” thusindicating that the user shifted the alt code by one number twice fortwo different inputs thus spelling “Rn” instead of “Sm.”

In some embodiments, the user may actually push a key on the foreignlanguage keyboard that normally generates a foreign character on aforeign computer. However, when the foreign language key is pushed anunprintable character is generated on the login screen 30 because theprogram may only recognize English language characters. Some examples ofunprintable characters may include

The keyboard detection system is programmed to recognize thesecharacters as mistakes from a foreign keyboard and in response flags thesession and account for heightened scrutiny. Again, if the keyboarddetection system detects an anomaly in the password, the method 50 sendsa signal that activates a fraud application program, block 62. If noanomaly is detected, the user gains access to the account, block 64.

However, even after gaining access to the account, the method 50 maycontinue monitoring activity on the account to detect possible use of aforeign keyboard. That is, the method 50 may monitor information and/ormessages typed after accessing the account, block 66. If the user typesinformation and/or messages in a social media account, email account,banking account, etc. they may contain mistakes associated with aforeign keyboard layout (i.e., mistakes similar to those discussedabove), block 68. If the message(s) contain mistakes that could beattributed to a foreign keyboard, the keyboard detection system mayactivate the fraud application/program, block 70. If no anomalies areidentified, the keyboard detection system continues to monitor a user'saccount activity, block 72.

FIG. 6 illustrates a schematic of a fraud application/program 80. Asexplained above, the server 32 may activate the fraud application 80 inresponse to detection of an anomaly. Anomalies may include unprintablecharacters, numbers associated with conversion codes (e.g., alt codes),as well as misspellings indicative of user using a foreign keyboard.When activated, the fraud application 80 may provide a variety ofoptions in dealing with a potential hacker. For example, the fraudapplication 80 may provide additional or more specific identificationquestions in order to verify the identity of the user, block 82. Thesequestions may include questions about their family and their accounts,among others. The fraud application 80 may also provide the option ofconducting a video call in order to confirm that the caller is in factthe customer, block 84. For example, the customer may provide theirphoto to the institution during enrollment, which may then be used toverify access to the account. In some embodiments, the fraud application80 may also facilitate entrapment of a hacker by providing access to anaccount other than the customer's account, block 86. For example,providing access to the false account may facilitate capture of thehacker and/or proof that a crime has been committed while stillprotecting the actual account of the customer. The fraud application mayalso check whether the account is registered to provide access using aforeign keyboard, block 88. For example, during registration the accountholder may indicate that they will use a foreign keyboard when accessingthe account. This information may be stored by the fraud application andaccessed if a foreign keyboard is detected. The fraud application maythen allow attempts to access the account using a foreign keyboardbecause of the previous registration.

Systems utilized to detect and prevent unauthorized access based ondetection of a foreign keyboard may include algorithms that detectwords, algorithms that use look-up tables, and/or algorithms that usecombinations thereof.

FIG. 7 is a method 100 (e.g., performed via the server 32, such as theprocessor 34) of operation for a keyboard detection system that verifiesa user's identity by monitoring keyboard input. The method 100 begins bycollecting keyboard input associated with a particular account, block102. This data may then be used in machine learning algorithms toproduce a signature for the associated account. More specifically, eachaccount holder may have particular habits when accessing an account orwhen typing information during use of the account, such as typingerrors. Overtime the collection of these errors and their analysis in amachine learning algorithm may produce a signature that is thenassociated with a user and their account, block 104. The method 100 maythen compare future access attempts as well as use of the accounts tothe signature to determine if the actual account owner is using theaccount, block 106. The method 100 then determines if the accountactivity (i.e., typed information) reflects the signature associatedwith the account, block 108. For example, an account holder maytypically type “sumit” instead of “submit” the keyboard detection systemmay recognize this as a common error by the account holder and thereforeenable the account holder to continue using the account withoutheightened security. In contrast, if the user makes mistakes that arenot typically associated with the account, the keyboard detection systemmay flag the account for heightened scrutiny because an initial analysisindicates someone other than the actual account holder is using theaccount. These mistakes may include characters produced by a keyboardlayout not associated with the account. For example, a Chinese characterproduced by a Chinese keyboard layout may be detected as an anomaly whenthe account is associated with an English language keyboard layout. Ifan anomaly is detected, that is a deviation from the signature, themethod 100 may activate a fraud application, similar to that describedabove to protect the account, block 110. If the signature is the same,the keyboard detection system continues monitoring keyboard input, block112.

FIG. 8 illustrates a method 120 of operation for a keyboard detectionsystem that prompts a user to switch keyboard layouts. The method 120begins by collecting keyboard input as a user types in a username,password, and/or data while using the account, online form, or the like,block 122. The keyboard detection system receives this data anddetermines what keyboard layout is being used, such as a Korean,Chinese, or Cyrillic keyboard layout, block 124. In order to detectwhich keyboard is being used, the keyboard detection system detectsanomalies associated with particular keyboards. These anomalies may bemisspellings and/or characters not associated with the language of theaccount. The detected keyboard layout is then compared to an expectedkeyboard of the account holder or user, block 126. If the keyboardlayout does not match the preferred keyboard of the user or of theaccount, block 128, the keyboard detection system sends a prompt to theuser. The prompt may ask the user to change keyboard layouts tofacilitate accessing and/or using the account, block 130.

The technical effects of the systems and methods described hereininclude a foreign keyboard detection and monitoring system thatfacilitates identification of hackers and defeats unauthorized attemptsto access the accounts of legitimate customers of an institution.

While only certain features of disclosed embodiments have beenillustrated and described herein, many modifications and changes willoccur to those skilled in the art. It is, therefore, to be understoodthat the appended claims are intended to cover all such modificationsand changes as fall within the true spirit of the present disclosure.

The invention claimed is:
 1. A keyboard detection system, comprising adatabase comprising database information associating a first pluralityof characters of a first language with a second plurality of characterscorresponding to keystrokes used to produce the first plurality ofcharacters via a keyboard of a second language different from the firstlanguage, wherein the second plurality of characters comprises altcodes, and the second language is a non-English language; a hardwareprocessor; and a memory communicatively coupled to the hardwareprocessor, wherein the memory comprises instructions that are configuredto cause the hardware processor to: receive input data comprising afirst set of the first plurality of characters, wherein the input datais related to a credential associated with an account; compare the inputdata to a second set of the second plurality of characters based on thedatabase information; determine that the input data and the second setof the second plurality of characters comprise a common subset ofcharacters; and request for additional security information associatedwith the account in response to determining that the input data and thesecond set of the second plurality of characters comprise the commonsubset of characters.
 2. The keyboard detection system of claim 1,wherein the instructions are configured to cause the hardware processorto block access to the account in response to determining that the inputdata and the second set of the second plurality of characters comprisethe common subset of characters, wherein the common subset defines athreshold amount of common characters.
 3. The keyboard detection systemof claim 1, wherein the instructions are configured to cause theprocessor to receive the input data as a username or password.
 4. Thekeyboard detection system of claim 1, wherein the first language isEnglish.
 5. The keyboard detection system of claim 1, wherein theaccount is associated with an English keyboard, and the second pluralityof characters comprises keystrokes used to produce English charactersvia a non-English keyboard.
 6. The keyboard detection system of claim 1,wherein the instructions are configured to cause the hardware processorto limit access to the account in response to detecting the input datacomprises one or more unprintable characters.
 7. The keyboard detectionsystem of claim 1, wherein the instructions are configured to cause thehardware processor to generate a typing signature for the account basedon error text associated with an attempt to type target text.
 8. Akeyboard detection system, comprising a hardware processor and a memorycommunicatively coupled to the hardware processor, wherein the memorycomprises instructions configured to cause the hardware processor to:monitor keystroke activity associated with an account; generate a typingsignature for the account based on the keystroke activity, wherein thetyping signature associates target text comprising a first plurality ofcharacters with error text comprising a second plurality of charactersand representative of a common misspelling of the target text indicatedby the keystroke activity; receive input data related to a credential ofthe account, wherein the credential comprises the target text; determinethat the input data does not comprise the target text or the error textbased on a comparison between the input data and the typing signature;and provide an alert indicative of a potential unauthorized accessattempt on the account in response to determining that the input datadoes not comprise the target text or the error text.
 9. The keyboarddetection system of claim 8, wherein the input data comprises a usernameor password.
 10. The keyboard detection system of claim 8, wherein theinstructions are configured to cause the hardware processor to requestfor additional information associated with the account in response todetecting the input data comprises one or more unprintable characters.11. A keyboard detection system, comprising: a database comprisingdatabase information associating a first plurality of characters of afirst language with a second plurality of characters corresponding tokeystrokes used to produce the first plurality of characters via akeyboard of a second language different from the first language, whereinthe second plurality of characters comprises alt codes, and the secondlanguage is a non-English language; a memory comprising instructionsstored thereon; and a hardware processor communicatively coupled to thememory, wherein the hardware processor, upon executing the instructionsstored on the memory, is configured to: receive input data comprising afirst set of the first plurality of characters; detect an accountassociated with the input data; compare the input data to a second setof the second plurality of characters based on the database information;determine that the input data and the second set of the second pluralityof characters comprise a common subset of characters; and limit accessto the account in response to determining that the input data and thesecond set of the second plurality of characters comprise the commonsubset of characters.
 12. The keyboard detection system of claim 11,wherein the hardware processor, upon executing the instructions, isconfigured to request for additional identifying information from a userin response to determining that the input data and the second set of thesecond plurality of characters comprise the common subset of characters.13. The keyboard detection system of claim 11, wherein the hardwareprocessor, upon executing the instructions, is configured to checkwhether a foreign keyboard is associated with the account in response todetermining that the input data and the second set of the secondplurality of characters comprise the common subset of characters. 14.The keyboard detection system of claim 11, wherein the hardwareprocessor, upon executing the instructions, is configured to requestfora video call with a user in response to determining that the inputdata and the second set of the second plurality of characters comprisethe common subset of characters.
 15. The keyboard detection system ofclaim 11, wherein the hardware processor, upon executing theinstructions, is configured to enable access to an additional accountdifferent from the account in response to determining that the inputdata and the second set of the second plurality of characters comprisethe common subset of characters, wherein the common subset of charactersis a threshold number of common characters.
 16. The keyboard detectionsystem of claim 1, wherein the instructions are configured to cause thehardware processor to compare the input data to the second set of thesecond plurality of characters in response to determining that the inputdata does not match the credential.
 17. The keyboard detection system ofclaim 1, wherein the additional security information comprises a photoassociated with a user of the account.
 18. The keyboard detection systemof claim 8, wherein the instructions are configured to cause thehardware processor to not provide the alert indicative of the potentialunauthorized access attempt on the account in response to determiningthat the input data comprises the error text.